This case study examines how a global manufacturing organization with locations in 17 countries implemented a network access control solution to enforce consistent security policy across a highly heterogeneous network environment.
The Challenge
With over 25,000 endpoints spanning 17 countries, the organization had no consistent visibility into what was connecting to their network. Contractors and temporary workers were routinely connecting unmanaged, potentially compromised laptops directly to the production network. A major malware outbreak in 2006 caused three days of operational disruption at a cost of over $2 million.
The Solution
The organization deployed an out-of-band NAC solution integrated with their existing Cisco switch infrastructure. The solution required no hardware changes at remote sites — all enforcement occurred through existing switches via 802.1X and VLAN assignment. Endpoints were assessed through a lightweight agent for managed devices and through agentless scanning for unmanaged devices.
Results
Six months after full deployment: 100% endpoint visibility across all 17 locations; malware incident rate reduced by 78%; compliance with antivirus and patch requirements increased from 62% to 94%; and time to remediate non-compliant devices reduced from an average of 4 days to under 4 hours.